Article Number
000032240
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.x
Issue
An administrator needs to know what data is sent to a remote syslog server from the RSA Authentication Manager.
Task
Creating a Report
- To create a report login to the Security Console.
- Select Reporting > Reports > Add New.
- Select either the Authentication Activity, Administrator Activity or System Log Report template and then click Next.
- Enter only a Report Name (e. g., Authentication Activity).
- Click Save.
Running a Report
- From the Security Console select Reporting > Reports > Manage Existing.
- Click on the report name and select Run Report Job Now.
- In the Input Parameters Values, enter the relevant values.
- When done, click Run Report.
- Click Refresh List. When the report disappears, click the Completed tab.
- Click on the report name and choose your viewing option (browser, CSV, XML or HTML).
Resolution
There are three pieces of information that will allow an administrator to work out the data being sent to the remote syslog server.
- Review the RSA Authentication Manager 8.2 Troubleshooting Guide, which provides information on how to troubleshoot Authentication Manager 8.2 for commonly occurring error messages. These error messages are displayed in the SNMP traps or in the logs.
- RSA Authentication Manager has three tables that store runtime (authentication), administrative and system log data. The RSA Authentication Manager 8.2 Developer Guide, available in the extras.zip, provides the table structures for the runtime log table (IMS_LOG_AUDIT_RT), administration log table (IMS_LOG_AUDIT_ADM) and system log table (IMS_LOG_SYSTEM).
- The Security Console provides three reporting templates called Authentication Activity (for runtime), Administrator Activity (for admin) and System Log Report (system) that report data from the three logging tables.
Notes
Headers for the Runtime (Authentication) Log (IMS_LOG_AUDIT_RT)
- id
- utc_log_time
- local_log_time
- instance_id
- session_id
- serial
- signature_id
- client_ip
- server_node_ip
- component_key
- log_level
- action_key
- action_id
- action_result
- result_key
- actor_id
- actor_realm_id
- actor_secdom_id
- actor_idsrc_id
- actor_login_uid
- actor_fname
- actor_lname
- agent_id
- agent_secdom_id
- agent_ip
- agent_name
- agent_type
- authmethod_id
- authmethod_name
- policy_id
- policy_expr
- arg1
- arg2
- arg3
- arg4
- arg5
- arg6
- arg7
- arg8
- arg9
- arg10
- more_args
Headers for the Administrative Log (IMS_LOG_AUDIT_ADM)
- id
- utc_log_time
- local_log_time
- instance_id
- session_id
- batch_id
- serial
- signature_id
- client_ip
- server_node_ip
- component_keylog_level
- action_keyaction_id
- action_result
- result_keyadmin_id
- admin_idsrc_id
- admin_secdom_id
- admin_login_uid
- admin_fnameadmin_lname
- realm_id
- obj1_typeobj1_id
- obj1_idsrc_id
- obj1_secdom_id
- obj1_nameobj2_type
- obj2_id
- obj2_idsrc_id
- obj2_secdom_id
- obj2_name
- more_args
Headers for the System Log (IMS_LOG_SYSTEM)
- id
- utc_log_time
- local_log_time
- instance_id
- session_id
- batch_id
- serial
- signature_id
- client_ip
- server_node_ip
- component_keylog_level
- action_keyaction_id
- action_result
- result_keyadmin_id
- admin_idsrc_id
- admin_secdom_id
- admin_login_uid
- admin_fnameadmin_lname
- realm_id
- obj1_typeobj1_id
- obj1_idsrc_id
- obj1_secdom_id
- obj1_nameobj2_type
- obj2_id
- obj2_idsrc_id
- obj2_secdom_id
- obj2_name
- more_args
